Lucene search
K

CVE-2022-23180

🗓️ 16 Jan 2024 15:52:09Reported by WPScanType 
cve
 cve
🔗 web.nvd.nist.gov👁 44 Views🌐 WEB

The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 lacks authorization and nonce checks, allowing authenticated users to update settings

Related
Detection
Affected
Refs
Paths
NVD
Vulners
[
  {
    "vendor": "Unknown",
    "product": "Contact Form & Lead Form Elementor Builder",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "1.7.4"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
ParameterPositionPathDescriptionCWE
captcha-on-off-settingrequest body/wp-admin/admin-ajax.phpUnauthorized modification of settings via admin-ajax without proper authorization/nonce checksCWE-862
captcha_on_off_form_idrequest body/wp-admin/admin-ajax.phpUnauthorized modification of settings via admin-ajax without proper authorization/nonce checksCWE-862
actionrequest body/wp-admin/admin-ajax.phpUnauthorized modification of settings via admin-ajax without proper authorization/nonce checksCWE-862
captcha-setting-sitekeyrequest body/wp-admin/admin-ajax.phpUnauthorized captcha settings update via admin-ajax without proper authorization/nonce checksCWE-862
captcha-setting-secretrequest body/wp-admin/admin-ajax.phpUnauthorized captcha settings update via admin-ajax without proper authorization/nonce checksCWE-862
captcha-keysrequest body/wp-admin/admin-ajax.phpUnauthorized captcha settings update via admin-ajax without proper authorization/nonce checksCWE-862
actionrequest body/wp-admin/admin-ajax.phpUnauthorized captcha settings update via admin-ajax without proper authorization/nonce checksCWE-862
data-recieve-methodrequest body/wp-admin/admin-ajax.phpLead receiving settings changed by unauthenticated user through admin-ajax endpointCWE-862
action-lead-settingrequest body/wp-admin/admin-ajax.phpLead receiving settings changed by unauthenticated user through admin-ajax endpointCWE-862
actionrequest body/wp-admin/admin-ajax.phpLead receiving settings changed by unauthenticated user through admin-ajax endpointCWE-862
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 04:29Current
4.6Medium risk
Vulners AI Score4.6
CVSS 3.14.3
EPSS0.0053
SSVC
44